User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0320 (firefox)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0320: Updated firefox & related packages fix multiple security vulnerabilities
Date:  Sat, 9 Nov 2013 19:55:18 +0100
Message-ID:  <20131109185518.E167F48644@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2013-0320 - Updated firefox & related packages fix multiple security vulnerabilities Publication date: 09 Nov 2013 URL: http://advisories.mageia.org/MGASA-2013-0320.html Type: security Affected Mageia releases: 2, 3 CVE: CVE-2013-1739, CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604 Description: Updated firefox packages fix security vulnerabilities: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure (CVE-2013-1739). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602). It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox (CVE-2013-5595). A flaw was found in the way Firefox handled certain Extensible Stylesheet Language Transformations (XSLT) files. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox (CVE-2013-5604). Additionally, the rootcerts, nspr, nss, and sqlite3 packages have been updated to newer versions required by this update. References: - http://www.mozilla.org/security/announce/2013/mfsa2013-93... - http://www.mozilla.org/security/announce/2013/mfsa2013-95... - http://www.mozilla.org/security/announce/2013/mfsa2013-96... - http://www.mozilla.org/security/announce/2013/mfsa2013-98... - http://www.mozilla.org/security/announce/2013/mfsa2013-10... - http://www.mozilla.org/security/announce/2013/mfsa2013-10... - http://www.mozilla.org/security/known-vulnerabilities/fir... - http://www.mandriva.com/en/support/security/advisories/ad... - https://rhn.redhat.com/errata/RHSA-2013-1476.html - https://bugs.mageia.org/show_bug.cgi?id=11370 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604 SRPMS: - 3/core/sqlite3-3.7.17-1.mga3 - 3/core/rootcerts-20130411.00-1.mga3 - 3/core/nspr-4.10.1-1.mga3 - 3/core/nss-3.15.2-1.1.mga3 - 3/core/firefox-24.1.0-1.mga3 - 3/core/firefox-l10n-24.1.0-1.mga3 - 2/core/sqlite3-3.7.17-1.mga2 - 2/core/rootcerts-20130411.00-1.mga2 - 2/core/nspr-4.10.1-1.mga2 - 2/core/nss-3.15.2-1.1.mga2 - 2/core/firefox-24.1.0-1.mga2 - 2/core/firefox-l10n-24.1.0-1.mga2


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds